Cybercriminals Bitten by the Bitcoin Bug: What is the State of Cryptocurrencies Within Cybercrime in 2018?

The world of cryptocurrencies has sent investors and businesses on a rollercoaster journey over the last couple of years, with Bitcoin booming, industry experts slating the currencies and the London Block Exchange taking on new cryptocurrencies. In a constantly changing environment, how do cryptocurrencies now hold up in 2018?

Ryan Kalember, Senior Vice President of Cybersecurity Strategy at Proofpoint, delves into what to expect in the year ahead.

What kinds of attacks is Proofpoint seeing?

“Cybercriminals continue to follow the money. Over the last several months, the money has been in cryptocurrency and actors are turning their attention to a variety of illicit means to obtain both Bitcoins and alternatives. In addition to the North Korea-linked Lazarus Group’s recent campaigns, we helped uncover a crypto mining botnet that had made as much as $3.6 million in Monero cryptocurrency by infecting Windows servers.

Last year was also a record year for email phishing in general and we saw an increase in messages aimed at cryptocurrency users. Anyone with a digital wallet or account on a cryptocurrency exchange could be in the crosshairs. These attacks often attempt to steal wallet IDs and credentials that allow actors to conduct fraudulent transactions with third parties or withdraw funds directly.

We have also seen fraudulent cryptocurrency landing pages that are extremely difficult to distinguish from legitimate sites. In one case, the criminals even went so far as to add app store icons that linked to the real blockchain application.

As cryptocurrency adoption grows, so too will cybercriminals’ preference in using the currency. As a result, we predict a continuation in phishing attacks that target cryptocurrency wallets and services, as well as an increase in cryptomining malware.”

Why do cybercriminals like to steal cryptocurrency?

“Cryptocurrency is a very tempting target for theft because most underground services are paid using bitcoins, Monero, and other altcoins. Cybercriminals are also savvy with cryptocurrencies and have more untraceable spending options when they use digital currency. You will often hear security professionals refer to Monero as the dark web’s chosen currency. This is because Monero features a stronger focus on privacy than some other cryptocurrencies, and can still be effectively mined outside of a purpose-built server farm.

However, the volatile fluctuation of cryptocurrency values, particularly that of Bitcoin in recent months, has meant we have observed a shift in cybercriminals’ use of bitcoin in ransomware attacks. In the last quarter of 2017, we saw a 73% drop in ransom payment demands denominated in bitcoin. When demanding money to unlock a victim’s data, cybercriminals are now more likely to simply ask for a figure in US dollars, or a local currency, than specify a sum of Bitcoin.”

Are we going to see more activity of this nature?

“Yes, cryptocurrency will continue to be a premium attack target because of the potential gain to hacking the system. Unfortunately, the anonymous nature of cryptocurrency transactions makes fraud even harder to detect. The very features of cryptocurrency that make it so popular (largely anonymous and difficult to trace transactions not controlled by any government or financial institution) make it equally appealing to thieves.

Bitcoins, and other cryptocurrencies, are like cash in a wallet. Much easier to steal if you have access to the wallet, impossible to recover, and much less likely to be detected. The mainstream interest in cryptocurrency is driving advances in malware and new approaches to phishing and cybercrime. By the end of 2017, many campaigns were beginning to include coin miner modules in addition to the primary malware payloads.”

What should cryptocurrency consumers do to better protect themselves from these crypto intrusions, and what should organisations be doing to protect their employees?

The greatest threat to individuals and businesses when it comes to the security of cryptocurrency comes in the form of criminals’ usage of social engineering and exploiting what we call ‘the human factor’. Consumers should guard their credentials carefully and be vigilant for typosquatted domains (web addresses with subtle spelling errors) and unexpected notifications from wallet and exchange services. When in doubt, always contact the service through their established email address. More importantly, online wallets and exchanges should never be considered trusted storage for cryptocurrencies.

Proofpoint’s 2018 Human Factor Report revealed that 95% of observed web-based attacks incorporated social engineering to trick users into installing malware rather than relying on exploits with short shelf lives. Therefore, organisations must combine robust security technology with the training of employees to be vigilant and spot attacks that use social engineering through email, social media, and on websites—even those seemingly tied to well-known brands or current events. Using phishing simulations (fake attacks that use real-world tactics) can shed light on where the human vulnerabilities lie in an organisation, and paired with awareness training and technology, these simulations can reduce the impact of real attacks.